Merge branch 'master' of https://github.com/tootsuite/mastodon

Fix /activity endpoint not require signature in authorized fetch mode (#15592 )
Fixes #15589 Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-08-25 08:33:12 +02:00 · 2021-04-17 17:20:40 +02:00 · 2021-01-19 06:47:36 +01:00 · 2021-01-18 11:10:23 +09:00 · 2021-01-17 01:12:22 +09:00 · 2021-01-17 01:09:26 +09:00
6 changed files with 31 additions and 31 deletions
--- a/2
+++ b/2
@ -143,7 +143,7 @@ group :development do
  gem 'brakeman', '~> 4.10', require: false
  gem 'bundler-audit', '~> 0.7', require: false

-  gem 'capistrano', '~> 3.14'
+  gem 'capistrano', '~> 3.15'
  gem 'capistrano-rails', '~> 1.6'
  gem 'capistrano-rbenv', '~> 2.2'
  gem 'capistrano-yarn', '~> 2.0'
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -116,7 +116,7 @@ GEM
      bundler (>= 1.2.0, < 3)
      thor (>= 0.18, < 2)
    byebug (11.1.3)
-    capistrano (3.14.1)
+    capistrano (3.15.0)
      airbrussh (>= 1.0.0)
      i18n
      rake (>= 10.0.0)
@ -272,7 +272,7 @@ GEM
    httplog (1.4.3)
      rack (>= 1.0)
      rainbow (>= 2.0.0)
-    i18n (1.8.5)
+    i18n (1.8.7)
      concurrent-ruby (~> 1.0)
    i18n-tasks (0.9.33)
      activesupport (>= 4.0.2)
@ -359,10 +359,10 @@ GEM
      net-ssh (>= 2.6.5, < 7.0.0)
    net-ssh (6.1.0)
    nio4r (2.5.4)
-    nokogiri (1.11.0)
+    nokogiri (1.11.1)
      mini_portile2 (~> 2.5.0)
      racc (~> 1.4)
-    nokogumbo (2.0.2)
+    nokogumbo (2.0.4)
      nokogiri (~> 1.8, >= 1.8.4)
    nsa (0.2.7)
      activesupport (>= 4.2, < 6)
@ -560,7 +560,7 @@ GEM
      fugit (~> 1.1, >= 1.1.6)
    safety_net_attestation (0.4.0)
      jwt (~> 2.0)
-    sanitize (5.2.1)
+    sanitize (5.2.2)
      crass (~> 1.0.2)
      nokogiri (>= 1.8.0)
      nokogumbo (~> 2.0)
@ -591,7 +591,7 @@ GEM
    simple_form (5.0.3)
      actionpack (>= 5.0)
      activemodel (>= 5.0)
-    simplecov (0.21.0)
+    simplecov (0.21.2)
      docile (~> 1.1)
      simplecov-html (~> 0.11)
      simplecov_json_formatter (~> 0.1)
@ -604,7 +604,7 @@ GEM
      actionpack (>= 4.0)
      activesupport (>= 4.0)
      sprockets (>= 3.0.0)
-    sshkit (1.21.0)
+    sshkit (1.21.1)
      net-scp (>= 1.1.2)
      net-ssh (>= 2.8.0)
    stackprof (0.2.16)
@ -697,7 +697,7 @@ DEPENDENCIES
  browser
  bullet (~> 6.1)
  bundler-audit (~> 0.7)
-  capistrano (~> 3.14)
+  capistrano (~> 3.15)
  capistrano-rails (~> 1.6)
  capistrano-rbenv (~> 2.2)
  capistrano-yarn (~> 2.0)
--- a/app/controllers/statuses_controller.rb
+++ b/app/controllers/statuses_controller.rb
@ -8,7 +8,7 @@ class StatusesController < ApplicationController

  layout 'public'

-  before_action :require_signature!, only: :show, if: -> { request.format == :json && authorized_fetch_mode? }
+  before_action :require_signature!, only: [:show, :activity], if: -> { request.format == :json && authorized_fetch_mode? }
  before_action :set_status
  before_action :set_instance_presenter
  before_action :set_link_headers
--- a/config/deploy.rb
+++ b/config/deploy.rb
@ -1,6 +1,6 @@
 # frozen_string_literal: true

-lock '3.14.1'
+lock '3.15.0'

 set :repo_url, ENV.fetch('REPO', 'https://github.com/tootsuite/mastodon.git')
 set :branch, ENV.fetch('BRANCH', 'master')
--- a/package.json
+++ b/package.json
@ -70,7 +70,7 @@
    "@clusterws/cws": "^3.0.0",
    "@gamestdio/websocket": "^0.3.2",
    "@github/webauthn-json": "^0.5.7",
-    "@rails/ujs": "^6.1.0",
+    "@rails/ujs": "^6.1.1",
    "array-includes": "^3.1.2",
    "arrow-key-navigation": "^1.2.0",
    "autoprefixer": "^9.8.6",
@ -157,7 +157,7 @@
    "requestidlecallback": "^0.3.0",
    "reselect": "^4.0.0",
    "rimraf": "^3.0.2",
-    "sass": "^1.32.0",
+    "sass": "^1.32.2",
    "sass-loader": "^10.1.0",
    "stacktrace-js": "^2.0.2",
    "stringz": "^2.1.0",
@ -167,7 +167,7 @@
    "throng": "^4.0.0",
    "tiny-queue": "^0.2.1",
    "uuid": "^8.3.1",
-    "webpack": "^4.44.2",
+    "webpack": "^4.45.0",
    "webpack-assets-manifest": "^4.0.0",
    "webpack-bundle-analyzer": "^4.3.0",
    "webpack-cli": "^3.3.12",
@ -176,7 +176,7 @@
  },
  "devDependencies": {
    "@testing-library/jest-dom": "^5.11.8",
-    "@testing-library/react": "^11.2.2",
+    "@testing-library/react": "^11.2.3",
    "babel-eslint": "^10.1.0",
    "babel-jest": "^26.6.3",
    "eslint": "^7.17.0",
--- a/yarn.lock
+++ b/yarn.lock
@ -1357,10 +1357,10 @@
  resolved "https://registry.yarnpkg.com/@polka/url/-/url-1.0.0-next.11.tgz#aeb16f50649a91af79dbe36574b66d0f9e4d9f71"
  integrity sha512-3NsZsJIA/22P3QUyrEDNA2D133H4j224twJrdipXN38dpnIOzAbUDtOwkcJ5pXmn75w7LSQDjA4tO9dm1XlqlA==

-"@rails/ujs@^6.1.0":
-  version "6.1.0"
-  resolved "https://registry.yarnpkg.com/@rails/ujs/-/ujs-6.1.0.tgz#9a48df6511cb2b472c9f596c1f37dc0af022e751"
-  integrity sha512-kQNKyM4ePAc4u9eR1c4OqrbAHH+3SJXt++8izIjeaZeg+P7yBtgoF/dogMD/JPPowNC74ACFpM/4op0Ggp/fPw==
+"@rails/ujs@^6.1.1":
+  version "6.1.1"
+  resolved "https://registry.yarnpkg.com/@rails/ujs/-/ujs-6.1.1.tgz#25c4e60018274b37e5ba0850134f6445429de2f5"
+  integrity sha512-uF6zEbXpGkNa7Vvxrd9Yqas8xsbc3lsC733V6I7fXgPuj8xXiuZakdE4uIyQSFRVmZKe12qmC6CNJNtIEvt4bA==

 "@sinonjs/commons@^1.7.0":
  version "1.8.1"
@ -1404,10 +1404,10 @@
    lodash "^4.17.15"
    redent "^3.0.0"

-"@testing-library/react@^11.2.2":
-  version "11.2.2"
-  resolved "https://registry.yarnpkg.com/@testing-library/react/-/react-11.2.2.tgz#099c6c195140ff069211143cb31c0f8337bdb7b7"
-  integrity sha512-jaxm0hwUjv+hzC+UFEywic7buDC9JQ1q3cDsrWVSDAPmLotfA6E6kUHlYm/zOeGCac6g48DR36tFHxl7Zb+N5A==
+"@testing-library/react@^11.2.3":
+  version "11.2.3"
+  resolved "https://registry.yarnpkg.com/@testing-library/react/-/react-11.2.3.tgz#9971ede1c8465a231d7982eeca3c39fc362d5443"
+  integrity sha512-BirBUGPkTW28ULuCwIbYo0y2+0aavHczBT6N9r3LrsswEW3pg25l1wgoE7I8QBIy1upXWkwKpYdWY7NYYP0Bxw==
  dependencies:
    "@babel/runtime" "^7.12.5"
    "@testing-library/dom" "^7.28.1"
@ -9924,10 +9924,10 @@ sass-loader@^10.1.0:
    schema-utils "^3.0.0"
    semver "^7.3.2"

-sass@^1.32.0:
-  version "1.32.0"
-  resolved "https://registry.yarnpkg.com/sass/-/sass-1.32.0.tgz#10101a026c13080b14e2b374d4e15ee24400a4d3"
-  integrity sha512-fhyqEbMIycQA4blrz/C0pYhv2o4x2y6FYYAH0CshBw3DXh5D5wyERgxw0ptdau1orc/GhNrhF7DFN2etyOCEng==
+sass@^1.32.2:
+  version "1.32.2"
+  resolved "https://registry.yarnpkg.com/sass/-/sass-1.32.2.tgz#66dc0250bc86c15d19ddee7135e93d0cf3d3257b"
+  integrity sha512-u1pUuzqwz3SAgvHSWp1k0mRhX82b2DdlVnP6UIetQPZtYbuJUDaPQhZE12jyjB7vYeOScfz9WPsZJB6Rpk7heA==
  dependencies:
    chokidar ">=2.0.0 <4.0.0"

@ -11581,10 +11581,10 @@ webpack-sources@^1.0, webpack-sources@^1.1.0, webpack-sources@^1.4.0, webpack-so
    source-list-map "^2.0.0"
    source-map "~0.6.1"

-webpack@^4.44.2:
-  version "4.44.2"
-  resolved "https://registry.yarnpkg.com/webpack/-/webpack-4.44.2.tgz#6bfe2b0af055c8b2d1e90ed2cd9363f841266b72"
-  integrity sha512-6KJVGlCxYdISyurpQ0IPTklv+DULv05rs2hseIXer6D7KrUicRDLFb4IUM1S6LUAKypPM/nSiVSuv8jHu1m3/Q==
+webpack@^4.45.0:
+  version "4.45.0"
+  resolved "https://registry.yarnpkg.com/webpack/-/webpack-4.45.0.tgz#bcdc1ddb43959adb47f8974e60d944027267c1be"
+  integrity sha512-JhDaVi4CbRcwLLAoqC7eugMSMJnZbIfE2AyjaZ19pnOIh/R2O/lXOiXA2tQFN0iXEcxgpPJsPJHW2wOWqiTLcw==
  dependencies:
    "@webassemblyjs/ast" "1.9.0"
    "@webassemblyjs/helper-module-context" "1.9.0"
Author	SHA1	Message	Date
tykayn	cc76b0e158	Merge branch 'master' of https://github.com/tootsuite/mastodon	2021-04-17 17:20:40 +02:00
ThibG	2ff01f78f7	Fix /activity endpoint not require signature in authorized fetch mode (#15592 ) Fixes #15589 Co-authored-by: Claire <claire.github-309c@sitedethib.com>	2021-01-19 06:47:36 +01:00
dependabot[bot]	e46b50e805	Bump capistrano from 3.14.1 to 3.15.0 (#15537 ) * Bump capistrano from 3.14.1 to 3.15.0 Bumps [capistrano](https://github.com/capistrano/capistrano) from 3.14.1 to 3.15.0. - [Release notes](https://github.com/capistrano/capistrano/releases) - [Commits](https://github.com/capistrano/capistrano/compare/v3.14.1...v3.15.0) Signed-off-by: dependabot[bot] <support@github.com> * Fix config/deploy.rb Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>	2021-01-18 11:10:23 +09:00
dependabot[bot]	096347be10	Bump webpack from 4.44.2 to 4.45.0 (#15535 ) Bumps [webpack](https://github.com/webpack/webpack) from 4.44.2 to 4.45.0. - [Release notes](https://github.com/webpack/webpack/releases) - [Commits](https://github.com/webpack/webpack/compare/v4.44.2...v4.45.0) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2021-01-17 01:12:22 +09:00
dependabot[bot]	086d1e675a	Bump @rails/ujs from 6.1.0 to 6.1.1 (#15531 ) Bumps [@rails/ujs](https://github.com/rails/rails) from 6.1.0 to 6.1.1. - [Release notes](https://github.com/rails/rails/releases) - [Commits](https://github.com/rails/rails/compare/v6.1.0...v6.1.1) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2021-01-17 01:09:26 +09:00
dependabot[bot]	03c8590b28	Bump @testing-library/react from 11.2.2 to 11.2.3 (#15533 ) Bumps [@testing-library/react](https://github.com/testing-library/react-testing-library) from 11.2.2 to 11.2.3. - [Release notes](https://github.com/testing-library/react-testing-library/releases) - [Changelog](https://github.com/testing-library/react-testing-library/blob/master/CHANGELOG.md) - [Commits](https://github.com/testing-library/react-testing-library/compare/v11.2.2...v11.2.3) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2021-01-17 01:08:45 +09:00
dependabot[bot]	2d4a550d10	Bump sass from 1.32.0 to 1.32.2 (#15534 ) Bumps [sass](https://github.com/sass/dart-sass) from 1.32.0 to 1.32.2. - [Release notes](https://github.com/sass/dart-sass/releases) - [Changelog](https://github.com/sass/dart-sass/blob/master/CHANGELOG.md) - [Commits](https://github.com/sass/dart-sass/compare/1.32.0...1.32.2) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2021-01-17 01:08:19 +09:00
dependabot[bot]	1118194f29	Bump simplecov from 0.21.0 to 0.21.2 (#15536 ) Bumps [simplecov](https://github.com/simplecov-ruby/simplecov) from 0.21.0 to 0.21.2. - [Release notes](https://github.com/simplecov-ruby/simplecov/releases) - [Changelog](https://github.com/simplecov-ruby/simplecov/blob/main/CHANGELOG.md) - [Commits](https://github.com/simplecov-ruby/simplecov/compare/v0.21.0...v0.21.2) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2021-01-17 01:06:28 +09:00
dependabot[bot]	4812c16cb5	Bump sanitize from 5.2.1 to 5.2.2 (#15538 ) Bumps [sanitize](https://github.com/rgrove/sanitize) from 5.2.1 to 5.2.2. - [Release notes](https://github.com/rgrove/sanitize/releases) - [Changelog](https://github.com/rgrove/sanitize/blob/master/HISTORY.md) - [Commits](https://github.com/rgrove/sanitize/compare/v5.2.1...v5.2.2) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2021-01-17 01:02:51 +09:00
dependabot[bot]	fe6ee39168	Bump nokogiri from 1.11.0 to 1.11.1 (#15539 ) Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.11.0 to 1.11.1. - [Release notes](https://github.com/sparklemotion/nokogiri/releases) - [Changelog](https://github.com/sparklemotion/nokogiri/blob/master/CHANGELOG.md) - [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.11.0...v1.11.1) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2021-01-17 00:59:43 +09:00